The following permissions are required for Luware Recording:
| Type | Graph API Permission | Short Description | Technical Description |
| Delegated | User.Read |
User login, Read user information |
The Luware Recording portal will redirect users to your Azure Entra Identity login page when a user attempts to sign in. This permission allows the users to sign in to the Luware Recording portal. Only users configured in Luware Recording synchronised security groups are permitted to login. |
| Application | Calls.Access.Media.All | Access media streams in a call as an app | Required for the Luware Recording Bot to access Microsoft Teams media streams during a call as an application. |
| Application | Calls.JoinGroupCall.All | Join group calls and meetings as an app | Required for the Luware Recording bot to join group calls and meetings as an application and send media streams to the recorders. |
| Application | Calls.JoinGroupCallAsGuest.All | Join group calls and meetings as a guest | Required for the Luware Recording bot to Join group calls and meetings as a guest. |
| Application | OnlineMeetings.Read.All | Read online meeting details | Required for the Luware Recording bot to read online meeting details to capture metadata used for recording decisions. |
| Application | Calendars.read | Read meeting subjects and metadata | Required for the Luware Recording bot to read meeting metadata for selective recording scenarios. |
| Application | Group.Read.All | Read Group Object Ids | Required for the Luware Recording Application to read the Azure Security Groups from your Microsoft Entra Id tenant. The Group ID objects are used for the GroupMember.Read.All permission to identify individuals that are enabled for Luware Recording. |
| Application | GroupMember.Read.All | Read group memberships | Required for the Luware Recording Application to read the users identities that are member of the groups specified in Group.Read.All permission. |
| Application | User.Read.All | Read users properties | Required to read Azure Entra user information for call recording metadata, user login and insertion of user identities for capture of conversations. |
These permissions cannot be modified for Multi-Tenant environments. For Private-Tenant environments, Luware will provide a set of application permissions that meet your capture and archive requirements.